package com.shiro.config;

import com.shiro.entity.Permissions;
import com.shiro.entity.Role;
import com.shiro.entity.User;
import com.shiro.service.LoginService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/**
 * @author :fjw
 * @description:TODO
 * @date :2020/10/26 20:32
 */
@Slf4j
public class MyRealm extends AuthorizingRealm {
	private static final Logger logger = LoggerFactory.getLogger(MyRealm.class);


	@Autowired
	LoginService loginService;

	/**
	 * @MethodName doGetAuthorizationInfo
	 * @Description 授权配置类
	 * @Param [principalCollection]
	 * @Return AuthorizationInfo
	 * @Author WangShiLin
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

		//获取当前登录用户
		User user1 = (User) principalCollection.getPrimaryPrincipal();

		//每次访问需要权限的接口都需要查询数据库并给当前用户授权
		log.info("正在授权");
		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		//设置权限，写死
		//simpleAuthorizationInfo.addStringPermission("query");
		Subject subject = SecurityUtils.getSubject();
		//获取当前用户对象
		User user = (User) subject.getPrincipal();

		for (Role role : user.getRoles()) {
			//添加角色
			simpleAuthorizationInfo.addRole(role.getRoleName());
			for (Permissions permission : role.getPermissions()) {
				//添加权限
				simpleAuthorizationInfo.addStringPermission(permission.getPermissionsName());
			}

		}

		return simpleAuthorizationInfo;
	}


	/**
	 * @MethodName doGetAuthenticationInfo
	 * @Description 认证配置类
	 * @Param [authenticationToken]
	 * @Return AuthenticationInfo
	 * @Author WangShiLin
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
		log.info("正在认证");

		//获取当前登录的用户名
		String name = authenticationToken.getPrincipal().toString();
		//在数据库中查询用户
		User user = loginService.getUserByName(name);
		if (user == null) {
			//用户不存在，出异常
			logger.info("用户名不存在{}",name);
			//抛出UnknownAccountException
			return null;
		} else {
			log.info("认证通过");
			/*
			将用户对象信息放入shiro的session中用于前端整合thymeleaf判断
			Subject subject = SecurityUtils.getSubject();
			Session session = subject.getSession();
			session.setAttribute("currentUser", user);*/

			//密码123456
			//可以配置加密方式，MD5：	e10adc3949ba59abbe56e057f20f883e  MD5盐值加密:e10adc3949ba59abbe56e057f20f883e+username
			//这里验证authenticationToken和simpleAuthenticationInfo的信息,密码认证，加密
			//将user对象放入第一个参数，其他地方可以通过SecurityUtils.getSubject().getPrincipal()获取
			SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), getName());
			return simpleAuthenticationInfo;
		}


	}
}
